Throughout the year, we get a lot of internship that last from one to four months, and sometime eight months.

Currently, I've been creating a Windows account on the domain controller along with an Exchange mailbox for everybody, but we've been plagued with the following problems:

The account lingers in the domain controller because if it is deleted, the address can no longer receive any email. The address will still be used by any suppliers the intern may have been in contact with.

When the intern leave, I have to link the mailbox to the supervisor mailbox. This make Outlook cluttered and degrade its performance if the supervisor has many intern.

Theses are my reasons for having a different account/mailbox per interns:

Manipulation in each mailbox are not automatically replicated to other mailbox. This make it possible for each intern to manage the emails in his own way.

Out of concern for privacy, interns have different mailbox so that private email can't be read by all other interns.

Archiving is easier on a mailbox that is not shared.

Does anybody have some tips on how to manage internships on a Windows domain controller and on Exchange? Is there is any tools that could be used to manage temporary employees?

3 Answers
3

When an intern leaves, you can preserve the contact-flow without having to preserve the full mailbox (which will likely count against your licensed mailbox count). Since you're on Exchange 2003, you can create a "Contact" user-type which is just a stub-user with a simple forward attached. Ideal for what you're looking for. The flow would look like this:

Intern leaves

Export mailbox to PST, and remove accounts.

Create a new Contact user with the same address and name, listing their supervisor's email as the forward-to.

That way all incoming email will go to the supervisor, and any replies will be shown as from the supervisor which negates any identity fraud that may occur and will show your suppliers that there is a new contact.

I have to admit, this was what I wanted to put the first time! But, for whatever reason, I thought that a mail enabled contact wouldn't work for an internal address. Now I know!
–
Jesse PaxsonMay 4 '12 at 18:24

@JessePaxson In the end, you can always just add the intern's address under "Other addresses" for the supervisor. That list'll get big, but it will work.
–
sysadmin1138♦May 4 '12 at 18:27

To prevent cluttering up active directory, I usually create an OU called "Previous Employees" or something to that effect. Move people who leave to that OU, and disable their account. For a little extra peace of mind, I also create a group policy on that OU that prevents them from logging into our terminal servers, just in case someone forgets to disable their account or enables it temporarily to access something from their account and forgets to disable it again.

If you have a really high turnover, create OUs under "Previous Employees" with the year and month, so you have "mydomain\Previous Employees\2012-04". That makes it really easy to see how long ago they left, so you can easily delete accounts that have been kept around long enough to ensure they aren't needed anymore.

As for the email, setup an out of office message (the easiest way to do that is usually to reset their password and login to outlook web access) saying they should update their contact information to whoever took over, and forward the emails to the supervisor. Make a note somewhere to stop forwarding after a reasonable amount of time.

You can always do a standard out of office reply that will direct the emailer to the new point of contact. In addition, configure all incoming emails to forward to the new point of contact rather than adding the mailbox to their Outlook. Give this a couple of months and then archive the account accordingly.